hashicorp / terraform-provider-vault

Terraform Vault provider
https://www.terraform.io/docs/providers/vault/
Mozilla Public License 2.0

Add PKI EST configuration support #2246

Closed stevendpclark closed 1 month ago

stevendpclark commented 1 month ago

Description

This PR adds new data source and resource types for the PKI EST configuration API. The PR is built on top of https://github.com/hashicorp/terraform-provider-vault/pull/2235 as EST support requires the new mount fields.

This also requires Vault 1.16.3+ent at a minimum as the following fixes are required for this to work correctly

Sample TF script used for testing (along with the added tests):

```hcl
variable "pki_int_path" {
  type    = string
  default = "pki-int"
}

variable "est_pass" {
  type    = string
  default = "estpass"
}

resource "vault_mount" "pki_root" {
  path                  = "pki-root"
  type                  = "pki"
  description           = "PKI root mount"
  max_lease_ttl_seconds = "31536000"
}

resource "vault_pki_secret_backend_key" "root_key" {
  backend  = vault_mount.pki_root.path
  type     = "internal"
  key_name = "root-ca-key"
  key_type = "rsa"
  key_bits = 4096
}

resource "vault_pki_secret_backend_root_cert" "root_cert" {
  backend              = vault_mount.pki_root.path
  type                 = "existing"
  key_ref              = vault_pki_secret_backend_key.root_key.key_name
  common_name          = "Root CA"
  ttl                  = "364d"
  format               = "pem"
  exclude_cn_from_sans = true
  ou                   = "My OU"
  organization         = "My organization"
}

resource "vault_auth_backend" "cert" {
  type = "cert"
  tune {
    max_lease_ttl = "10s"
  }
}

resource "vault_auth_backend" "userpass" {
  type = "userpass"
  tune {
    max_lease_ttl = "10s"
  }
}

resource "vault_policy" "est_policy" {
  name   = "est-policy"
  policy = <
```

Checklist

  • [x] Added CHANGELOG entry (only for user-facing changes)
  • [x] Acceptance tests were run against all supported Vault Versions

Output from acceptance testing:

$ make testacc TESTARGS='-run=TestAccXXX'

...

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" comments, they generate extra noise for pull request followers and do not help prioritize the request
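Added example, not code from this PR or from the provider's own documentation: a continuation of the sample script above that creates the intermediate mount, an EST-bound role, a test-only userpass user, and the EST configuration resource and data source the PR introduces. The resource and data source name `vault_pki_secret_backend_config_est`, its attribute names, the role settings, the `est-client` user and the domain `example.internal` are assumptions modelled on Vault's PKI `config/est` API and may differ from the provider's final schema; `vault_pki_secret_backend_role`, `vault_generic_endpoint` and the `accessor` attribute of `vault_auth_backend` are existing provider features.

```hcl
# Added example (not part of this PR). It assumes the variables, auth
# backends and est_policy from the sample script above already exist.
# The EST resource/data source name and attributes are assumptions
# based on Vault's /{mount}/config/est API.

# Intermediate mount that will serve EST (path comes from the sample's variable).
resource "vault_mount" "pki_int" {
  path                  = var.pki_int_path
  type                  = "pki"
  description           = "PKI intermediate mount serving EST"
  max_lease_ttl_seconds = 7776000
}

# Role that bounds what an EST client may be issued (assumed values).
# Binding EST to a role rather than sign-verbatim keeps issuance to the
# domains, key types and TTLs the role allows.
resource "vault_pki_secret_backend_role" "est_role" {
  backend          = vault_mount.pki_int.path
  name             = "est-role"
  allowed_domains  = ["example.internal"]
  allow_subdomains = true
  max_ttl          = "720h"
  key_type         = "rsa"
  key_bits         = 2048
  server_flag      = false
  client_flag      = true
}

# Test-only userpass user attached to the est policy from the sample script.
resource "vault_generic_endpoint" "est_user" {
  depends_on           = [vault_auth_backend.userpass]
  path                 = "auth/userpass/users/est-client"
  ignore_absent_fields = true
  data_json = jsonencode({
    password = var.est_pass
    policies = [vault_policy.est_policy.name]
  })
}

# EST configuration for the intermediate mount (assumed schema).
resource "vault_pki_secret_backend_config_est" "est" {
  backend = vault_mount.pki_int.path
  enabled = true

  # Serve EST under this mount's own path rather than the cluster-wide default.
  default_mount       = false
  default_path_policy = "role:${vault_pki_secret_backend_role.est_role.name}"

  # Optional EST labels, each mapped to a role-bound path policy.
  label_to_path_policy = {
    "client" = "role:${vault_pki_secret_backend_role.est_role.name}"
  }

  # Auth methods EST clients may use; both were created by the sample script.
  authenticators {
    cert = {
      accessor = vault_auth_backend.cert.accessor
    }
    userpass = {
      accessor = vault_auth_backend.userpass.accessor
    }
  }

  enable_sentinel_parsing = true
  audit_fields            = ["common_name", "alt_names", "ip_sans", "uri_sans"]
}

# Read the configuration back through the new data source.
data "vault_pki_secret_backend_config_est" "est" {
  backend = vault_pki_secret_backend_config_est.est.backend
}

output "est_enabled" {
  value = data.vault_pki_secret_backend_config_est.est.enabled
}
```

The example keeps `default_mount = false` and points both the default and labelled path policies at a role, so an EST client can only obtain certificates that satisfy `est_role`; `audit_fields` lists the CSR fields Vault records in the audit log, which is what a detection pipeline would key on when reviewing EST enrolments.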
stevendpclark commented 1 month ago

Updated PR to the latest version of main as https://github.com/hashicorp/terraform-provider-vault/pull/2235 was merged, along with disabling a test to work around an unreleased bug (will be in 1.16.3) in Vault Enterprise https://github.com/hashicorp/vault-enterprise/pull/5785